curl -X POST
http://localhost:9200/tdps%2A/log/_search
-H 'Cache-Control: no-cache'
-H 'Content-Type: application/json'
-H 'Postman-Token: ab63256e-5fac-4a96-9970-2b3020f37c2c'
-d '{
"query": {
"terms": {
"main_name": ["撞库攻击", "登录"]
}
},
"aggs": {
"group_by_url": {
"terms": {
"field": "net.http.url"
},
"aggs": {
"statustype": {
"terms": {
"script": {
"inline": "doc['''net.http.status'''].value + '''-''' + doc['''net.http.resp_content_length'''].value + doc['''net.http.resp_body'''].value"
},
"size": 1000
}
}
}
}
},
"_source": ["net.http.status", "net.http.resp_content_type", "net.http.url"]
}'
网友评论